Future Intel processors will support SGX (Software Guard Extensions), which allows running security-critical software on your processor in a way that is isolated from all the other code. The hardware ...

Recently I heard the term called application level antivirus. I just wanted to know if there is anything like that. I heard a company provides such kind of antivirus (I don't want to post the company name) I ...

I'm using Postgres's uuid_generate_v4 in a uuid primary key column to generate secure one-time authentication tokens. Is this okay? Does Postgres use a secure random number source for generating these ...

Is there any way of knowing if a credit/debit card has an EMV Chip by reading the magnetic stripe? This way I could deny the payment via magnetic stripe and ask the customer to insert the card via ...

I am looking for a way to make sure that a particular archive file does not contain any sort of malicious code. From time to time new vulnerabilities pop up (e.g. gzip, 7zip) so I thought a good idea ...

I am new to the Formal Methods arena, but I feel I have an educated grasp on its applications. However, I only seem to encounter formal methods as applied to the development process, as the software ...

I'm studying application security and now I have a question for which I couldn't find a good answer.
Assume I have a vulnerable desktop application on my virus-free Windows 7 PC. Let's say when the file ...

I'm having a hard time figuring out what "Runtime Application Self-Protection" (RASP) really is, though I see it mentioned in the press. The best description I've seen of the possible benefits, along ...

Upfront, I want to clarify that I am not a professional cryptographer, I am more curious about playing with the math and science behind it, and also want to improve my habits with my own personal and ...

I performed vulnerability testing of some Android mobile applications I helped develop and I noticed some odd behavior. The applications used the default Android 5.0.2 cipher suite list that includes ...

In a previous question in InfoSec, I asked about how to determine the safety of a sideloaded Android app that requires root permissions.
Now I would like to ask a related, but different question: Is ...

Sorry if this is a duplicate however I felt it was a little more unique than the answers I found. Basically I am a software developer and I have moved recently into an architecture role. Throughout my ...

This is yet another "How is a forgot my password page done right" question. However, it explicitly addresses two implementation options that I have come across recently.
The common approaches [1,2] ...

What would be a good way to authenticate a user to authenticate to websites and applications over a smart phone? By good, I mean that it is both secure, and user-friendly. Passwords don't seem to be ...

I was reading a paper and saw that this piece of code has an information leakage vulnerability. It was saying the following code will leak memory layout information to the attackers.
Could somebody please ...

Sorry for this probably noobish question. So far, I've read password comparison/verification is implicitly understood to be made on the application layer and not in the database. For example in PHP, ...

I was studying different WAFs, from open-source (such as ModSecurity and NAXSI) to commercial solutions (Imperva, Citrix, Fortinet, etc.). Many people state that having a whitelist-based WAF is far ...

When thinking about which messaging solution to use on my new "smart"phone I reflexively tended towards open source products, figuring that I could trust these more to actually provide the security ...

Can someone recommend me the best design to use to navigate out of the site?
Here are the steps to navigate out of the current site.
1) Show the intermediate page warning the user that they will be ...

Our Enterprise is using Oracle Application Server in front of Oracle database. We are using Oracle wallet manager (installed with Oracle client 10) to create self-signed certificates. As you may know ...

I've reviewed some material here and in other sites relating to secure usage of Window.postMessage. There is a bunch of material regarding best practices but one of my questions remained unanswered.
...